IS20 Security Controls Certification Course

Description

This 3 day instructor led training course covers proven tools and methodologies needed to execute and analyze the Top Twenty Most Critical Security Controls. Nearly all organizations containing sensitive information are adopting these Security Controls, listed below, as the highest priority list of what must be substantiated before anything else.

These controls were chosen by leading government and private organizations who are experts on how attacks work and what can be done to prevent them from happening. The controls were selected as the best way to block known attacks as well as help search for and alleviate any damage from the attacks that are successful. This course allows the security professional to see how to implement controls in your existing network though highly effective and economical automation. For management, this training is the best way to distinguish how you will assess whether these security controls are effectively being administered.

Mile2 is Accredited by the NSA-CNSS, Approved on Homelands Security NICCS Framework, and is on the FBI’s Tier 1-3 Certification Training Chart.

Outline

Course Introduction

Critical Control 1:

Inventory of Authorized and Unauthorized Devices

Critical Control 2:

Inventory of Authorized and Unauthorized Software

Critical Control 3:

Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

Critical Control 4:

Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

Critical Control 5:

Boundary Defence

Critical Control 6:

Maintenance, Monitoring, and Analysis of Audit Logs

Critical Control 7:

Application Software Security

Critical Control 8:

Controlled Use of Administrative Privileges

Critical Control 9:

Controlled Access Based on Need to Know

Critical Control 10:

Continuous Vulnerability Assessment and Remediation

Critical Control 11:

Account Monitoring and Control

Critical Control 12:

Malware Defences

Critical Control 13:

Limitation and Control of Network Ports, Protocols, and Services

Critical Control 14:

Wireless Device Control

Critical Control 15:

Data Loss Prevention

Critical Control 16:

Secure Network Engineering

Critical Control 17:

Penetration Tests and Red Team Exercises

Critical Control 18:

Incident Response Capability

Critical Control 19:

Data Recovery Capability

Critical Control 20:

Security Skills Assessment and Appropriate Training to Fill Gaps

PreRequisites

A basic understanding of networking and security technologies

Audience

Information assurance managers/auditors

System implementers/administrators

Network security engineers

IT administrators

Auditors/auditees

DoD personnel/contractors

Federal agencies/clients

Security vendors and consulting groups looking to stay current with frameworks for information assurance